Privacy Policy

Last updated: February 12, 2026

1. Introduction

Zeph, Inc. ("Zeph," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our smart breath trainer device, mobile application, website, and related services (collectively, the "Services").

2. Information We Collect

Personal Information

We may collect personal information that you provide directly to us, including your name, email address, phone number, date of birth, and payment information when you create an account or make a purchase.

Health Data

Our Services collect respiratory health data including lung function measurements, breathing patterns, exercise session data, and breathability scores. This data is classified as Protected Health Information (PHI) and is handled in accordance with HIPAA regulations.

Device & Usage Data

We automatically collect certain information when you use our Services, including device type, operating system, app version, Bluetooth connection data, and usage analytics.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Create and manage your account
  • Generate personalized breathing exercise plans
  • Track and display your respiratory health progress
  • Share data with your healthcare providers (with your consent)
  • Send you updates, support messages, and marketing communications (with your consent)
  • Conduct research and analytics to improve our products

4. Data Sharing

We do not sell your personal or health data. We may share your information with:

  • Healthcare providers — only with your explicit consent via the app's data-sharing feature
  • Service providers — third parties who help us operate our Services (hosting, analytics, payment processing), bound by confidentiality agreements
  • Legal requirements — when required by law, regulation, or legal process

5. Data Security

We implement industry-standard security measures including end-to-end encryption, secure data storage, access controls, and regular security audits. All health data is encrypted both in transit and at rest.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from.

Types of Cookies We Use

  • Essential cookies — Required for the website to function properly (e.g., session management, security)
  • Analytics cookies — Help us understand how visitors interact with our website (e.g., page views, navigation patterns)
  • Preference cookies — Remember your settings and preferences (e.g., theme selection, language)

You can control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality. We do not use advertising or third-party tracking cookies.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. Health data is retained for the duration of your account plus an additional 12 months after account deletion to comply with healthcare record-keeping requirements. After this period, data is securely deleted or anonymized.

You may request earlier deletion of your data at any time, subject to legal and regulatory obligations.

8. Your Rights

You have the right to access, correct, delete, or export your personal data at any time through the Zeph app or by contacting us. You may also opt out of marketing communications at any time.

Additional Rights for EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to access — Request a copy of all personal data we hold about you
  • Right to rectification — Request correction of inaccurate personal data
  • Right to erasure — Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing — Request limitation on how we process your data
  • Right to data portability — Receive your data in a structured, machine-readable format
  • Right to object — Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — Withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@zeph.com. We will respond to your request within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in the United States. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Services are not directed to children under 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Services after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@zeph.com or write to us at Zeph, Inc., San Francisco, CA.